(54) Title: SYSTEM AND METHOD FOR AUTHENTICATING A USER

(57) Abstract: The system and method provides for the authentication of a user based on graphical input provided by the user. The user enters graphical input, such as a squiggle, into a graphical interface. A verifier compares the input pattern to a secret input pattern to determine if the two patterns are approximately similar in order to authenticate the user. Typically, the verifier uses an approximation parameter to determine if the input and secret patterns are similar. Once the verifier authenticates the user, the user is allowed access to a resource, such as a computer system, portable computer, software application running on a computer system or other hardware device.
SYSTEM AND METHOD FOR AUTHENTICATING A USER

Field of the Invention 

The invention relates generally to the field of security and authentication and, more particularly, to a system and method for using a graphic display to authenticate a user of a computer or other device.

Background of the Invention

Passwords have long been used to authenticate a user before providing access to a computer system or to some other device. They are easy to use and conceptually simple. They are probably the oldest and most common data security tool used in computing environments. Because they are generally alphanumeric in form and often closely related to words in natural language, passwords are relatively easy for users to remember. Typically, users can rapidly enter them through standard hardware peripherals such as keyboards. Nonetheless, in terms of their security properties, passwords have shortcomings. Typically, users derive their passwords from a limited portion of the lexicons in their native languages, making them easy to guess, particularly in automated computer attacks.

The vulnerability of passwords in computer systems is becoming increasingly problematic as computing and networking technologies aim to manage increasingly sensitive information. Consumers are beginning to use smart cards and other portable devices to carry digital cash. At the same time, corporations are making sensitive information more available on their networks and are employing digital signatures in committing to legally binding contracts. Hardware devices like smart cards and authentication tokens provide cryptographic authentication for such applications; but typically the cryptographic features of these devices are secured using passwords.

It is possible to broaden the distribution of passwords that are used in a system, and thereby strengthen the system, by assigning randomly generated alphanumeric passwords to users. Even users with the most retentive memories, however, have difficulty remembering more than approximately seven alphanumeric characters. The total number of such seven character passwords is about 2^^ ≈ 10'^, which is too small to provide resistance against an automated computer attack on the password. Strong resistance to automated password attacks requires a password space on the order of about 2^^ ≈ 10^^. This space corresponds to random, alphanumeric passwords of sixteen characters in length, which is too long for practical use by most users.

The difficulty users have in remembering enough password information to allow secure authentication is at odds with their ability to retain large amounts of other types of information in other contexts. A few examples of the other types of nonpassword data an individual may routinely remember are historical and personal events, the configuration of rooms in buildings, and the layout of city streets, not to mention the vocabulary and idioms of her native language. Some of that information may remain fixed in her memory over extended periods of time, even without frequent reinforcement.

A number of researchers have investigated the use of such everyday information in connection with mnemonic systems as a replacement for passwords. One authentication approach exploits the ability of users to recognize faces. To authenticate herself in this system, a user is asked to identify a set of familiar faces from among a gallery of photographs. While conveniently universal, this system has large memory requirements for the storage of the photographs, and has relatively slow data entry time. Another proposed approach is based on the use of routes on a complex subway system, such as the Tokyo subway system, in connection with secrets, suggesting that users could retain relatively large amounts of information in this context. This approach has the advantage of mnemonic naturalness, but has a strong disadvantage in its idiosyncrasy because not all users live in cities with subway systems or use a subway frequently.

A commercial system produced by Passlogix, Inc. of New York, New York effectively extends the mnemonic approach by allowing users to select from a range of mnemonic systems. Users can, for instance, choose to use an interface displaying a room containing a collection of valuables, and encode a password as a sequence of moves involving the hiding of these valuables in various locations around the room. This method of password entry appeals to a natural mnemonic device because it resembles the medieval system of the "memory palace," whereby scholars sought to archive data mentally in an imagined architectural space. By allowing the user to select a password herself, however, this approach is vulnerable to the problem of predictability that occurs with conventional password systems. Some passwords are more popular than others, since they are easier to remember. In one example, one-third of user-selected passwords could be found in the English dictionary. Similarly, in a mnemonic system, users are more likely to pick some sequences than others. In one example, a mnemonic system allows users to trade stocks; typically, the users will choose from among the most popular stocks, as these are the easiest to remember. In seeking to guess a password in this system, an attacker is likely to gain a substantial advantage by choosing Dow Jones stocks. In principle, if user passwords are formed as sufficiently long random sequences of moves, a mnemonic system will provide an adequate level of cryptographic security. Typically, mnemonic systems are not designed to facilitate user memorization of random sequences, and may not even enforce a minimum sequence length in user password entry. A mnemonic system may also be cumbersome in terms of the user interaction involved in entering a password, in some cases demanding an involved sequence of non-uniform mouse movements to enter the password into a computer system.
Summary of the Invention

One objective of a system constructed according to the invention is to provide graphic or visual passwords that users can remember easily and for a long duration. Another objective is to provide a password that a user can enter with a minimum of physical effort, such as by minimal mouse movement or keystrokes, or by the use of a writing tool on a tool sensitive graphic display. An additional objective is that the entry of the password should require minimal mental effort.

Another objective of the invention is to provide flexible password entry. Unlike 
computer memory, human memory is prone to inaccuracy. One objective is to accommodate 
likely user errors. 

Another objective of the invention is to provide a system adaptable to computing environments with limited memory, power, and graphical display capabilities. In addition, a system constructed according to the invention should be useable with a range of hardware peripherals, such as keyboards, mice, touch screens, and palmtop computer styluses.

In one aspect, the invention relates to a method for authenticating a user. The method includes determining a secret pattern, entering an input pattern from a user on a graphical interface, determining an approximation parameter that can be used to compare the secret pattern to the input pattern, comparing the secret pattern and the input pattern to determine if the secret pattern and the input pattern are approximately similar within limits defined by the approximation parameter, and authenticating the user based on the comparison.

In one embodiment, the method includes displaying a portion of the secret pattern on the graphical interface to the user. In another embodiment, the method includes determining the portion to display based on a display parameter.



WO 01/77792 PCT/US01/10498

In one embodiment, the method includes determining the secret pattern based on a grid. In another embodiment, the method includes selecting one or more blocks of cells in the grid based on the secret pattern. In another embodiment, the method includes comparing an input sequence for entering the input pattern with a secret sequence of the secret pattern.

In one embodiment, the method includes entering the input pattern on a displayed grid on the graphical interface. In another embodiment, the method includes entering a squiggle. In a further embodiment, the squiggle includes a random shape. In another embodiment, the method includes entering a symbol. In another embodiment, the method includes entering a sketch. In another embodiment, the method includes selecting one or more points on each of a plurality of images displayed on the graphical interface.

In another embodiment, the method includes allowing access to a resource in response to the step of authenticating the user.

In one embodiment, the method includes generating a calculated value of the secret pattern, generating a calculated value of the input pattern, and comparing the calculated value of the secret pattern and the calculated value of the input pattern. In another embodiment, the method includes generating a hash of the secret pattern and generating a hash of the input pattern.

In another embodiment, the method includes determining one or more secret points 
located in a display area and determining one or more approximation regions associated with one 
or more secret points. 

In another embodiment, the method includes providing one or more memory cues to the user. In a further embodiment, the method includes providing one or more visual and/or auditory memory cues.

In another aspect, the invention relates to an authenticator for authenticating a user of a resource. The authenticator includes a graphical interface, a secret pattern, an input pattern, an approximation parameter, and a verifier. The graphical interface is capable of receiving graphical input from a user. The user enters the input pattern on the graphical interface. The approximation parameter can be used in comparing the secret pattern and the input pattern to determine if the secret pattern and the input pattern are approximately similar within limits defined by the approximation parameter. The verifier is in communication with the graphical interface and authenticates the user by comparing the secret pattern and the input pattern using the approximation parameter.

In one embodiment, the graphical interface displays a portion of the secret pattern to the user. In another embodiment, the graphical interface uses a display parameter to determine the displayed portion of the secret pattern.

In one embodiment, the secret pattern is based on a grid. In another embodiment, the approximation parameter includes one or more blocks of cells in the grid based on the secret pattern. In another embodiment, the input pattern includes an input sequence and the secret pattern includes a secret sequence, and the verifier compares the input sequence and the secret sequence.

In one embodiment, the graphical interface includes a displayed grid, and the user enters the input pattern on the displayed grid. In another embodiment, the input pattern includes a squiggle. In another embodiment, the squiggle includes a random shape. In another embodiment, the input pattern includes a symbol. In another embodiment, the input pattern includes a sketch.

In another embodiment, the user selects one or more points on each of a plurality of images displayed on the graphical interface when entering the input pattern on the graphical interface.

In another embodiment, the verifier allows access to a resource in response to 
authenticating the user. 

In one embodiment, the verifier generates a calculated value of the secret pattern, generates a calculated value of the input pattern, and compares the calculated value of the secret pattern and the calculated value of the input pattern.

In another embodiment, the verifier generates a hash of the secret pattern and a hash of the input pattern.

In another embodiment, the graphical interface determines one or more secret points located in a display area and one or more approximation regions associated with one or more secret points.

In one embodiment, the graphical interface provides one or more memory cues to the user. In a further embodiment, the graphical interface provides one or more visual and/or auditory memory cues.

Brief Descriptions of the Drawings 
The invention is pointed out with particularity in the appended claims. The above and further advantages of this invention may be better understood by referring to the following description taken in conjunction with the accompanying drawings, in which:

FIG. 1 illustrates a functional block diagram of an authenticator system based on graphical input according to one embodiment of the invention.

FIG. 2 illustrates a flowchart of the authentication process based on graphical input according to one embodiment of the invention.

FIG. 3 provides a pictorial view of a grid and secret graphical pattern of highlighted squares or cells according to one embodiment of the invention.

FIG. 4 provides a pictorial view of a grid and a secret pattern illustrated by connected line segments for one embodiment of the invention.

FIG. 5 provides a pictorial view of an input pattern that closely approximates the secret pattern illustrated in FIG. 4.

FIG. 6 provides a pictorial view of a partial display of the secret pattern illustrated in FIG. 4.

FIG. 7 provides a pictorial view of an approximation block of cells and an input pattern that is approximately similar to the secret pattern illustrated in FIG. 4.

FIG. 8 provides a pictorial view of a display area, secret points located in the display area, approximation regions based on the secret points, and input points provided by a user, according to one embodiment of the invention.

Detailed Description of the Invention 

FIG. 1 illustrates a functional block diagram of an authenticator system 110 including an input pattern 112, graphical interface 114, verifier 116, secret pattern 118, and approximation parameter 120. FIG. 1 also illustrates a user 124, who provides the input pattern 112 to the graphical interface 114, and a resource 126, which the verifier 116 allows the user 124 to access after verifying the input pattern 112 using the secret pattern 118 and the approximation parameter 120, as will be discussed in more detail later.

In one embodiment, the graphical interface 114 is a hardware device that provides a graphical display that can be viewed by the user 124 and which receives the input pattern 112 from the user 124. In another embodiment, the graphical interface 114 is a CRT (cathode ray tube) with a touch screen capability. In another embodiment, the graphical interface 114 is a flat screen device, such as a LCD (liquid crystal display) or an active-matrix display device with input capability. In one embodiment, the graphical interface 114 is a separate device that is electronically, optically, or otherwise in communication with the verifier 116. In another embodiment, the graphical interface 114 is integrated into another device, such as a computer system, laptop computer, palmtop computer, other portable computer, or portable cellular telephone. In other embodiments, the other device also includes the verifier 116 and/or resource 126.

In one embodiment, the verifier 116 is a software application executing on a general purpose computer system. In alternate embodiments, the verifier 116 is implemented as a software module, program, or one or more objects, such as objects implemented in the C++ programming language. In another embodiment, the verifier 116 is a hardware device or integrated chip, such as an ASIC (application-specific integrated circuit).

In one embodiment, the resource 126 is a computer system, a database, or other resource that the user 124 desires to employ. In another embodiment, the resource 126 provides computational resources or data that the user 124 would like to access. In another embodiment, the resource 126 is a physical location or entity that the user 124 desires to access or use, such as a room, a locked automobile, or the locked ignition mechanism for an automobile.

In another embodiment, the graphical interface 114, verifier 116, and resource 126 are all part of the same computer system, laptop computer, palmtop computer, or other portable computer. In another embodiment, the graphical interface 114, verifier 116, and resource 126 are separate computers or devices connected in a network, which may be a local network, or a global network, such as the Internet.

In one embodiment, the authenticator system 110 uses tolerance parameters. In the embodiment of FIG. 1, two tolerance parameters are shown, an approximation parameter 120 and a display parameter 122. In this context, a tolerance parameter provides a tolerance or limit for how much information the user 124 is given or how accurate the user's 124 input must be. The approximation parameter 120 indicates how close the input pattern 112 must be to the secret pattern 118 for the verifier 116 to consider the input pattern 112 to be approximately similar to the secret pattern 118. The display parameter 122 indicates how much of the secret pattern 118 is displayed to the user 124. The user provides an input pattern 112 that matches the undisplayed portion of the secret pattern 118.
FIG. 2 illustrates a flowchart of the authentication process based on graphical input according to one embodiment of the invention. First, the verifier 116 determines a secret pattern 118 (step 200). In one embodiment, the verifier 116 determines a random pattern for the secret pattern 118. In another embodiment, the verifier 116 determines or calculates a pseudo-random pattern, or a secret pattern 118 based on a mathematical function. In other embodiments, the secret pattern 118 is provided to the verifier 116 from an external source, such as a database or a trusted authority, such as a server computer connected over a network to the verifier 116. The user receives or has access to the same secret pattern 118 or trusted authority.

Then the user 124 enters an input pattern 112 on the graphical interface 114 (step 202) in an attempt to match the secret pattern 118. In one embodiment, the user 124 is prompted with a portion of the secret pattern 118, which is displayed on the graphical interface 114 based on the display parameter 122. In one embodiment the display parameter 122 is a predetermined value obtained from a trusted authority, such as a server computer connected over a network to the graphical interface 114. In other embodiments, the graphical interface 114 or verifier 116 determines a random value for the display parameter 122 or uses a mathematical function to determine the display parameter 122.

Next, the verifier 116 determines an approximation parameter 120 (step 204). The verifier 116 uses the approximation parameter 120 to determine if the secret pattern 118 and input pattern 112 are approximately similar by comparing the secret pattern 118 and input pattern 112 (step 206). In one embodiment, the approximation parameter 120 is a predetermined value obtained from a trusted authority. In another embodiment, the verifier 116 determines the approximation parameter 120 using a mathematical function. In another embodiment, the approximation parameter 120 is determined before or concurrently with determining the display parameter 122. In one embodiment, the approximation parameter determines an approximation region 144 (see FIG. 8) that is circular, square, or some other shape.

In one embodiment, the verifier 116 compares the secret pattern 118 and input pattern 112 directly to verify that the two patterns are approximately similar. In another embodiment, the verifier 116 compares a calculated value for the secret pattern 118 with a calculated value for the input pattern 112.

In one embodiment, the verifier 116 compares a hash of the secret pattern 118 with a hash of the input pattern 112. In another embodiment the verifier 116 generates a hash of the secret pattern 118 and stores this secret hash in a storage media, such as a hard disk, associated with the verifier 116 or authenticator system 110. In another embodiment, this verifier 116 stores the secret hash in a memory element, such as a ROM or RAM, associated with the verifier 116 or authenticator system 110. In another embodiment, the verifier 116 obtains the secret pattern 118 or secret hash over a network or secure channel. In a further embodiment, the verifier 116 compares a fuzzy or approximate value for the secret pattern 118 with a fuzzy or approximate value for the input pattern 112.

If the verifier 116 finds that the secret pattern 118 and the input pattern 112 are approximately similar, then the verifier 116 authenticates the user 124 (step 208) and allows the user 124 to access the resource 126.

FIG. 3 is a pictorial illustration of a grid 132 and a secret pattern 118 indicated by six highlighted squares or cells 13, 20, 26, 41, 49, and 63 in the grid 132. In one embodiment, the graphical interface 114 displays to the user 124 the grid 132, wherein each square or cell in the grid 132 has a different color or shade. In another embodiment the grid 132 also displays a recognizable image, such as a photograph. In other embodiments, the grid 132 is not square but is a rectangle or other geometric form or shape. In one embodiment, the grid 132 is a square matrix where each side of the grid 132 has k cells, and the matrix is referred to as a k by k grid 132.

In one embodiment, the secret pattern 118 consists of a randomly selected sequence X = x1, x2, ..., xn of n squares or cells in the grid 132 as illustrated by cells 13, 20, 26, 41, 49 and 63 in FIG. 3, where n has a value of 6. In another embodiment, the secret pattern 118 is a random squiggle that the user 124 must draw to within a certain tolerance, as described below. In other embodiments, the secret pattern 118 is a letter, number, or other symbol.

In the embodiment shown in FIG. 3, the grid 132 is a 10 by 8 matrix of 80 cells indicated by cell numbers 1 through 80. The use of a 10 by 8 matrix is exemplary only and is not a requirement of the invention. In other embodiments, grids 132 of other sizes or other geometric shapes may be used. In one embodiment, the user 124 provides an input pattern 112 by selecting the same points on the grid 132 in the same numerical sequence as the secret pattern 118, as indicated by the highlighted cells 13, 20, 26, 41, 49, and 63 in FIG. 3. In another embodiment, the secret pattern 118 includes a secret sequence indicating the order for entering the cells of the input pattern 112. For example, the required or secret sequence for the secret pattern 118 may be 26, 49, 63, 13, 41, and 20, and the user 124 must enter the same sequence as the input sequence of the input pattern 112 on the graphical interface 114 before the verifier 116 determines that there is a match between the secret pattern 118 and the input pattern 112.

FIG. 4 is a pictorial illustration of a grid 132 and a secret pattern 118a. In FIG. 4 the secret pattern 118a includes cells 31, 22, 33, 43, 53, 64, 55, 56, 46, 47, 38, 48, 49, and 60. The secret pattern 118a shown in FIG. 4 is exemplary only. The secret pattern 118a is shown as a path extending generally from left to right, but this is not a requirement of the invention. Generally, the invention does not require a secret pattern 118 that tends in any one direction or forms any particular type of pattern. In alternate embodiments, the secret pattern 118 may be a random pattern, a pseudo-random pattern, or a pattern determined by a mathematical function. In FIG. 4 the secret pattern 118a is indicated by connecting lines. In other embodiments, the secret pattern 118a is indicated by curved lines, by a list of cell numbers, or other mechanism that indicates a unique secret pattern 118 in the grid 132.

FIG. 5 illustrates the grid 132 and the secret pattern 118a of FIG. 4 along with an input pattern 112a that a user 124 has entered that closely approximates the secret pattern 118a. The input pattern 112a touches the same cells in the grid 132 as the secret pattern 118a. In one embodiment, the verifier 116 determines that the input pattern 112a is approximately similar to the secret pattern 118a by determining that the two patterns 112a, 118a touch the same cells.

In one embodiment using a display parameter 122, the graphical interface 114 displays to the user 124 the first h squares in the sequence, x1, x2, ..., xh, in a secret pattern 118. The value h is the display parameter 122 indicating that the graphical interface 114 displays only h squares of the secret pattern 118 to the user 124.

For example, FIG. 6 illustrates a displayed portion 134 of the secret pattern 118a of FIG. 4, for one embodiment of the invention. In this embodiment, h, the display parameter 122, has a value of 3, and the graphical interface 114 displays only the first three cells 31, 22, 33 of the secret pattern 118a. The user 124 must then enter an input pattern 112 that corresponds to the undisplayed portion of the secret pattern 118a. In other embodiments, the display parameter 122 may have values other than 3, and the displayed portion 134 may be based on cells other than the first cells of the secret pattern 118, such as cells in the middle of the pattern 118, cells at the end of the pattern 118 or a selected number of cells determined by other methods. In another embodiment, the graphical interface 114 displays to the user 124 cells from two or more separate portions of the secret pattern 118.
In one embodiment using the approximation parameter 120, the user 124 must select a square within an r by r block centered around x_{h+1}, then x_{h+2}, etc., through x_n to authenticate herself. The value r is the approximation parameter 120. The probability p that a guessed sequence X' is correct is easily seen to be p = (r/k)^{2(n-h)}, since each of the n-h hidden cells of the k by k grid is hit by a random guess with probability r^2/k^2. Thus if k = 100, r = 5, n = 10, and h = 2, then p ≈ 10^{-21}.

For example, in one embodiment, FIG. 7 illustrates the grid 132 with an approximation block 136 and an input pattern 112b that approximately matches the secret pattern 118a. In one embodiment, the approximation parameter 120 has a value of 3 and one cell of the input pattern 112b is considered a valid match if it is within a 3 by 3 approximation block 136 centered on a cell of the secret pattern 118a. The approximation block 136 illustrated in FIG. 7 is exemplary only, and an approximation block 136 may be centered or located at different cells on a secret pattern 118. For example, a 3 by 3 approximation block 136 centered on a central cell 22 of the secret pattern 118a includes cells 11, 12, 13, 21, 22, 23, 31, 32, and 33. Thus, in FIG. 7 cells 21 and 12 of the input pattern 112b do not match cells 31 and 22 of the secret pattern 118a, but the verifier 116 considers cells 21 and 12 to be close enough to the secret pattern 118a because they are within the approximation block 136 centered on cell 22. In general, in other embodiments, the approximation block 136 is adjusted for special conditions such as cells at the edges and corners of the grid 132. For example, the approximation block 136 may be enlarged or otherwise changed if the central cell of the block 136 is at the edge or corner of the grid 132. If a central cell, such as 31, is on the edge of the grid 132, then the 3 by 3 block 136 is adjusted appropriately. Thus the 3 by 3 block centered on cell 31 is set to a 2 by 3 block of the cells 21, 22, 31, 32, 41, and 42. In other embodiments, the approximation block 136 is adjusted in other ways, such as giving the approximation block 136 different sizes at different points in the secret pattern 118a. In general, the invention does not require the approximation block 136 to outline a square or rectangular shape, and, in other embodiments, the approximation block 136 outlines other geometric shapes.
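The grid embodiment of FIGs. 4 to 7 (display parameter h, r by r approximation blocks clipped at the grid edge, and the guess probability p = (r/k)^{2(n-h)}) can be modelled in Python as follows. This is an added example, not the applicant's code; the class and function names, the cell numbering convention (1 to cols*rows, row by row, as in FIG. 3) and the out-of-tolerance input are assumptions.

```python
"""Grid-based approximate matching of an input pattern against a secret
pattern, following the 3 by 3 approximation block of FIG. 7.  Added
illustration, not the applicant's code.  Cells are numbered 1..cols*rows
row by row, as in the 10 by 8 grid of FIG. 3; class and function names
are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Grid:
    cols: int  # cells per row (10 in FIG. 3)
    rows: int  # number of rows (8 in FIG. 3)

    def cell_to_rc(self, cell):
        """Cell number (1-based) to zero-based (row, col)."""
        idx = cell - 1
        return idx // self.cols, idx % self.cols

    def rc_to_cell(self, row, col):
        return row * self.cols + col + 1

    def approximation_block(self, center, r):
        """Cells of the r by r block centred on `center`, clipped at the
        grid edges: the 3 by 3 block around edge cell 31 becomes the 2 by 3
        block 21, 22, 31, 32, 41, 42 described for FIG. 7."""
        half = r // 2
        row, col = self.cell_to_rc(center)
        block = set()
        for dr in range(-half, half + 1):
            for dc in range(-half, half + 1):
                rr, cc = row + dr, col + dc
                if 0 <= rr < self.rows and 0 <= cc < self.cols:
                    block.add(self.rc_to_cell(rr, cc))
        return block


def verify_grid_pattern(grid, secret, entered, r, h=0):
    """Verifier check: the first h cells of `secret` were displayed (display
    parameter 122), so the user supplies the remaining n-h cells in order,
    each within the r by r block (approximation parameter 120) around the
    corresponding secret cell.  Every position is checked even after a
    mismatch, so the time taken does not reveal where the first miss was."""
    hidden = secret[h:]
    if len(entered) != len(hidden):
        return False
    mismatches = 0
    for secret_cell, input_cell in zip(hidden, entered):
        mismatches += input_cell not in grid.approximation_block(secret_cell, r)
    return mismatches == 0


def guess_probability(k, r, n, h):
    """p = (r/k)^(2(n-h)): on a k by k grid each of the n-h hidden cells is
    hit by a random guess with probability r^2/k^2."""
    return (r / k) ** (2 * (n - h))


# Secret pattern 118a of FIG. 4 and the input pattern 112b of FIG. 7, where
# the user hit cells 21 and 12 instead of 31 and 22.
SECRET_118A = [31, 22, 33, 43, 53, 64, 55, 56, 46, 47, 38, 48, 49, 60]
INPUT_112B = [21, 12, 33, 43, 53, 64, 55, 56, 46, 47, 38, 48, 49, 60]
# Constructed input that strays outside the block around cell 31.
INPUT_TOO_FAR = [11] + INPUT_112B[1:]

if __name__ == "__main__":
    grid = Grid(cols=10, rows=8)
    print(sorted(grid.approximation_block(22, 3)))
    print(sorted(grid.approximation_block(31, 3)))
    print(verify_grid_pattern(grid, SECRET_118A, INPUT_112B, r=3))
    print(verify_grid_pattern(grid, SECRET_118A, INPUT_TOO_FAR, r=3))
    # FIG. 6: cells 31, 22, 33 are displayed (h = 3); the user enters the rest.
    print(verify_grid_pattern(grid, SECRET_118A, SECRET_118A[3:], r=3, h=3))
    print(guess_probability(k=100, r=5, n=10, h=2))
```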

FIG. 8 illustrates a pictorial view of a display area 140, secret points 142a, 142b, 142c, 142d, 142e, referred to generally as 142, approximation regions 144a, 144b, 144c, 144d, 144e, referred to generally as 144, and input points 146a, 146b, 146c, 146d, 146e, referred to generally as 146, for one embodiment of the invention. The display area 140 is a visual area of the graphical interface 114 that the graphical interface 114 displays to a user 124. In other embodiments, the display area 140 is not a rectangle, as shown in FIG. 8, but is a square or other geometric form or shape.
The secret points 142a through 142e are part of a secret pattern 118 that is not displayed to the user 124 in one embodiment of the invention. The invention does not require that there be any specific number of secret points 142 such as the five secret points 142 shown in FIG. 8, and in other embodiments, other numbers of secret points 142 may be used in the secret pattern 118.

In another embodiment, the graphical interface 114 displays one or more points 142 of the secret pattern 118 on the display area 140 to the user 124 based on a display parameter 122. In one embodiment, the display parameter 122 indicates a value for the number of secret points 142 to be displayed. For example, if the display parameter 122 has a value of 2, then the graphical interface 114 displays two points, such as 142a and 142d, to the user 124. The invention does not require that the displayed secret points 142 be adjacent to each other or in any serial order. For a given display parameter 122 value, different secret points 142 may be selected to be displayed at different times.

In one embodiment, the graphical interface 114 displays an image or photograph that overlays the display area 140. If the graphical interface 114 displays an image or photograph, then in one embodiment the input points 146 are not displayed to the user 124. In another embodiment, the graphical interface 114 highlights or changes portions of the image corresponding to the locations of the input points 146. If a display parameter 122 is used, then the graphical interface 114 highlights portions of the image in the display area 140 that correspond to the one or more secret points 142 selected to be displayed based on the display parameter 122.

The input points 146 represent an input pattern 112 that the user 124 enters on the
graphical interface 114. In one embodiment, the approximation regions 144 are regions within
which the user 124 must make her selections of input points 146 for the verifier 116 to verify that
the user 124 has entered a valid input pattern 112. Typically the approximation regions 144 are
not displayed to the user 124. In FIG. 8 the input points 146 are represented by crosshairs or
crossed lines, for one embodiment of the invention. In other embodiments, the input points 146
are represented by other geometric shapes, points, or symbols. In one embodiment, the user 124
must enter the input points 146 in a predetermined sequence, such as providing input points 146
to match a secret sequence of secret points 142a, 142c, 142e, 142b, and 142d. In another
embodiment, the user 124 enters the input points 146 in any sequence.
In other embodiments, the approximation regions 144 are shapes other than the circles
shown in FIG. 8. In other embodiments, the approximation regions 144 are of different sizes for
different secret points 142.

In one embodiment, each input point 146 must be touching or within the approximation
region 144. In another embodiment, one or more input points 146 are allowed to be outside the
approximation regions 144 based on the approximation parameter 120, and the verifier 116 still
determines that the input pattern 112 and secret pattern 118 are approximately similar if most of
the input points 146 are within the approximation regions 144. In another embodiment, the
approximation parameter 120 determines the size of the approximation regions 144.

In one embodiment, the graphical interface 114 alters the shape of the approximation
region 144 for one or more secret points 142. For example, if a secret point 142 is close to the
edge of the display area 140, then part of the approximation region 144 for that secret point 142
is truncated by the boundary of the display area 140. The graphical interface 114 may alter the
approximation region 144 in other ways. In one embodiment, the graphical interface 114
enlarges the approximation region 144 if it is close to the edge of the display area 140 or is
partially truncated by the edge of the display area 140. In another embodiment, the graphical
interface 114 determines only one approximation region, such as an ellipse or other shape, for
two or more secret points 142 located close to each other.

In one embodiment, the secret points 142 are any points that can be determined in the
display area 140. In another embodiment, the graphical interface 114 displays the display area
140 using pixels, and each secret point 142 is a pixel. In another embodiment, the approximation
region 144 is based on a predetermined pixel-distance tolerance.
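The region-based comparison described in the preceding paragraphs, as an added example that is not part of the patent's own text: a verifier that treats each secret point 142 as a circle of its own radius (the approximation region 144), truncates or enlarges that circle at the edge of the display area 140, enforces or ignores the secret sequence, and uses the approximation parameter 120 as the number of input points 146 that may fall outside every region. The class and function names, the 200 by 100 display, the radii and the sample patterns are assumptions constructed for this illustration.

```python
"""Region-based verifier for a graphical secret pattern.

Added example, not code from the patent.  Models secret points 142 with
circular approximation regions 144, input points 146 and the display area 140
of FIG. 8.  Class names, radii and the sample pattern are assumptions.
"""
import math
from dataclasses import dataclass
from itertools import permutations


@dataclass(frozen=True)
class SecretPoint:
    x: float
    y: float
    radius: float  # radius of this point's circular approximation region


@dataclass(frozen=True)
class DisplayArea:
    width: float
    height: float


def effective_radius(p: SecretPoint, area: DisplayArea, enlarge: bool) -> float:
    """Radius to use after the display edge has clipped the region.

    A region near the edge is truncated by the display boundary; with
    enlarge=True the radius grows by the clipped depth to compensate
    (the "enlarges the approximation region" embodiment).
    """
    edge_gap = min(p.x, p.y, area.width - p.x, area.height - p.y)
    if enlarge and edge_gap < p.radius:
        return p.radius + (p.radius - edge_gap)
    return p.radius


def inside_region(ix: float, iy: float, p: SecretPoint,
                  area: DisplayArea, enlarge: bool = False) -> bool:
    """True if input point (ix, iy) lies in the display area and within p's region."""
    if not (0 <= ix <= area.width and 0 <= iy <= area.height):
        return False  # off-display input never counts, even for an enlarged region
    return math.hypot(ix - p.x, iy - p.y) <= effective_radius(p, area, enlarge)


def verify(secret, inputs, area, max_outside: int = 0,
           ordered: bool = True, enlarge: bool = False) -> bool:
    """Decide whether an input pattern is approximately similar to the secret.

    max_outside is the approximation parameter: how many input points may fall
    outside every region.  ordered=True requires the secret sequence.
    """
    n = len(secret)
    if len(inputs) != n:
        return False
    if ordered:
        # count every miss rather than returning at the first one, so the
        # decision time does not reveal which point failed
        misses = sum(1 for (ix, iy), p in zip(inputs, secret)
                     if not inside_region(ix, iy, p, area, enlarge))
        return misses <= max_outside
    # Unordered: find the assignment of inputs to secret points with the fewest
    # misses.  Exhaustive over permutations, which is fine for short patterns.
    best = n
    for perm in permutations(range(n)):
        misses = sum(1 for i, j in enumerate(perm)
                     if not inside_region(*inputs[i], secret[j], area, enlarge))
        best = min(best, misses)
    return best <= max_outside


# Constructed sample data: a 200x100 display and three secret points, the
# last one close enough to the right edge that its region is truncated.
AREA = DisplayArea(width=200, height=100)
SECRET = [SecretPoint(20, 20, 15), SecretPoint(100, 50, 15), SecretPoint(190, 50, 15)]

if __name__ == "__main__":
    hits = [(22, 18), (98, 52), (189, 52)]
    print(verify(SECRET, hits, AREA))                                        # True
    print(verify(SECRET, [hits[1], hits[0], hits[2]], AREA))                 # False: wrong order
    print(verify(SECRET, [hits[1], hits[0], hits[2]], AREA, ordered=False))  # True
    print(verify(SECRET, [(22, 18), (98, 52), (172, 50)], AREA, enlarge=True))  # True
```

verify counts every miss before deciding rather than returning at the first one, so the response time does not reveal which point was wrong. The unordered branch tries every assignment of input points to secret points, which is exact and cheap for the handful of points a user can remember; a greedy first-fit match would wrongly reject some inputs when two approximation regions overlap.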

In one embodiment, the graphical interface 114 displays memory cues to the user 124 to
encourage the user 124 to remember the secret pattern 118, so that the user 124 enters a valid
input pattern 112 that the verifier 116 determines to be approximately similar to the secret pattern
118. The use of memory cues applies to displays based on grids 132 or display areas 140. The
memory cues are either static or interactive. In addition, memory cues are either visual, auditory,
or based on some other sensory medium accessible to the human senses.

In one embodiment, the graphical interface 114 provides a visual memory cue by
changing the cursor shape or color depending on where on the graphical interface 114 the user
124 locates the cursor or stylus.
In another embodiment, the graphical interface 114 or the authenticator system 110
provides an auditory memory cue by playing a different piece of music for each image that the
graphical interface 114 displays overlaying the grid 132 or the display area 140.

In another embodiment, the graphical interface 114 provides a visual memory cue by
changing the color or brightness of the image, or of part of the image, displayed to the user 124
depending on where the user 124 locates the cursor or stylus on the graphical interface 114.

In one embodiment, the graphical interface 114 displays successive images to the user
124, wherein each image is determined dynamically based on the behavior and selections made
by the user 124 when using a stylus or other input device to provide input to the graphical
interface 114. In one embodiment, when the user 124 selects an input point 146 in a displayed
image, the graphical interface 114 zooms in on the image or magnifies a portion of the image,
which is then in turn displayed to the user 124. When the user 124 selects another input point
146, the graphical interface 114 zooms in on the image again. The graphical interface 114
repeats this process until the user 124 has completed entering an input pattern 112.

In another embodiment, the graphical interface 114 displays a number of portals, such as
doors, and the user 124 selects one of the portals. The graphical interface 114 then displays
different images depending on which portal the user 124 selects. In one embodiment, the user
124 simulates entry through a door into another visual space, such as moving through one or
more doors into one or more rooms in a building. In one embodiment, each door or portal
represents a secret point 142 in the secret pattern 118. In another embodiment, each door or
portal does not itself represent a secret point 142 in the secret pattern 118, but provides access to
an image that includes one or more secret points 142.

In another embodiment, the graphical interface 114 displays other visual metaphors and
schemas that a user 124 follows when moving through a visual space, such as moving along a
road or a path, or traveling in a vehicle, automobile, spacecraft, or water-borne ship. In other
embodiments, the graphical interface 114 displays other visual spaces or metaphors, as is known
in the arts of computer graphics, computer and electronic games, and virtual reality.

Having described the preferred embodiments of the invention, it will now become
apparent to one of skill in the art that other embodiments incorporating the concepts may be
used. It is felt, therefore, that these embodiments should not be limited to the disclosed
embodiments but rather should be limited only by the spirit and scope of the following claims.
CLAIMS

What is claimed is:

1. A method for authenticating a user, the steps comprising:
determining a secret pattern;
entering an input pattern from a user on a graphical interface;
determining an approximation parameter for use in comparing the secret pattern and the input pattern from the user;
comparing the secret pattern and the input pattern to determine if the secret pattern and the input pattern are approximately similar within limits defined by the approximation parameter; and
authenticating the user based on the comparing step.

2. The method of claim 1, further comprising a step of displaying a portion of the secret pattern on the graphical interface to the user.

3. The method of claim 2, wherein the step of displaying the portion of the secret pattern comprises determining the portion to display based on a display parameter.

4. The method of claim 1, wherein the step of determining the secret pattern comprises determining the secret pattern based on a grid.

5. The method of claim 4, wherein the step of determining the approximation parameter comprises selecting at least one block of cells in the grid based on the secret pattern.

6. The method of claim 1, wherein the step of comparing the input pattern and the secret pattern comprises comparing an input sequence for entering the input pattern with a secret sequence of the secret pattern.

7. The method of claim 1, wherein the step of entering the input pattern comprises entering the input pattern on a displayed grid on the graphical interface.

8. The method of claim 1, wherein the step of entering the input pattern comprises entering a squiggle.

9. The method of claim 8, wherein the squiggle comprises a random shape.

10. The method of claim 1, wherein the step of entering the input pattern comprises entering a symbol.

11. The method of claim 10, wherein the symbol comprises at least one of a letter and a number.
12. The method of claim 1, wherein the step of entering an input pattern comprises entering a sketch.

13. The method of claim 1, wherein the step of entering the input pattern further comprises selecting at least one point on each of a plurality of images displayed on the graphical interface.

14. The method of claim 1, further comprising a step of allowing access to a resource in response to the step of authenticating the user.

15. The method of claim 14, wherein the step of allowing access to the resource comprises allowing access to at least one of a hardware device, a computer system, a portable computer, a software application, and a database.

16. The method of claim 1, further comprising steps of generating a calculated value of the secret pattern and generating a calculated value of the input pattern; and wherein the step of comparing the secret pattern and the input pattern comprises comparing the calculated value of the secret pattern and the calculated value of the input pattern.

17. The method of claim 16, wherein the step of generating the calculated value of the secret pattern comprises generating a hash of the secret pattern and the step of generating the calculated value of the input pattern comprises generating a hash of the input pattern.

18. The method of claim 1, wherein the step of determining the secret pattern comprises determining at least one secret point located in a display area and determining at least one approximation region associated with the at least one secret point.

19. The method of claim 1, further comprising a step of providing at least one memory cue to the user.

20. The method of claim 19, wherein the step of providing at least one memory cue to the user comprises providing at least one of a visual memory cue and an auditory memory cue.

21. An authenticator for authenticating a user of a resource, comprising:
a graphical interface capable of receiving graphical input from a user;
a secret pattern;
an input pattern entered on the graphical interface by the user;
an approximation parameter for use in comparing the secret pattern and the input pattern to determine if the secret pattern and the input pattern are approximately similar within limits defined by the approximation parameter; and
a verifier in communication with the graphical interface, the verifier authenticating the user by comparing the secret pattern and input pattern using the approximation parameter.

22. The authenticator of claim 21, wherein the graphical interface displays a portion of the secret pattern to the user.

23. The authenticator of claim 22, wherein the graphical interface uses a display parameter to determine the displayed portion of the secret pattern.

24. The authenticator of claim 21, wherein the secret pattern is based on a grid.

25. The authenticator of claim 24, wherein the approximation parameter comprises at least one block of cells in the grid based on the secret pattern.

26. The authenticator of claim 21, wherein the input pattern comprises an input sequence and the secret pattern comprises a secret sequence, and the verifier compares the input sequence and the secret sequence.

27. The authenticator of claim 21, wherein the graphical interface comprises a displayed grid and the user enters the input pattern on the displayed grid.

28. The authenticator of claim 21, wherein the input pattern comprises a squiggle.

29. The authenticator of claim 28, wherein the squiggle comprises a random shape.

30. The authenticator of claim 21, wherein the input pattern comprises a symbol.

31. The authenticator of claim 30, wherein the symbol comprises at least one of a letter and a number.

32. The authenticator of claim 21, wherein the input pattern comprises a sketch.

33. The authenticator of claim 21, wherein the user selects at least one point on each of a plurality of images displayed on the graphical interface when entering the input pattern on the graphical interface.

34. The authenticator of claim 21, wherein the verifier allows access to a resource in response to authenticating the user.

35. The authenticator of claim 34, wherein the resource comprises at least one of a hardware device, a computer system, a portable computer, a software application, and a database.
36. The authenticator of claim 21, wherein the verifier generates a calculated value of the secret pattern and a calculated value of the input pattern, and compares the calculated value of the secret pattern and the calculated value of the input pattern.

37. The authenticator of claim 36, wherein the verifier generates a hash of the secret pattern and a hash of the input pattern.

38. The authenticator of claim 21, wherein the graphical interface determines at least one secret point located in a display area and at least one approximation region associated with the at least one secret point.

39. The authenticator of claim 21, wherein the graphical interface provides at least one memory cue to the user.

40. The authenticator of claim 39, wherein the graphical interface provides at least one of a visual memory cue and an auditory memory cue.
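Claims 4, 5, 16 and 17 (and their system counterparts 24, 25, 36 and 37) combine a grid-based secret pattern with a comparison of hashes. An added example, not from the patent, showing the one way those two fit together: a hash can only match exactly, so the approximate similarity has to be applied before hashing by reducing each point to its grid cell, and only the canonical cell sequence is hashed. The 20-pixel cell size, the use of PBKDF2 with a per-user salt, the function names and the sample points are assumptions made here.

```python
"""Hash comparison of a grid-quantized graphical pattern.

Added example, not code from the patent.  Each input point is reduced to its
cell in a grid (claims 4/5) and the canonical cell sequence is hashed with a
salted, slow KDF (claims 16/17).  Cell size, KDF and sample points are
assumptions made for illustration.
"""
import hashlib
import hmac
import math
import os
import struct
from typing import Optional

CELL = 20  # assumed grid cell size in pixels


def quantize(points, cell: int = CELL):
    """Map pixel coordinates to (column, row) grid cells."""
    return [(int(x // cell), int(y // cell)) for x, y in points]


def encode(cells, ordered: bool = True) -> bytes:
    """Canonical byte string of a cell pattern; sorting drops the sequence."""
    seq = cells if ordered else sorted(cells)
    return b"".join(struct.pack(">HH", c, r) for c, r in seq)


def enroll(points, salt: Optional[bytes] = None, ordered: bool = True,
           iterations: int = 200_000):
    """Store a salted, slow hash of the quantized secret pattern."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", encode(quantize(points), ordered),
                                 salt, iterations)
    return salt, digest


def check(points, salt: bytes, digest: bytes, ordered: bool = True,
          iterations: int = 200_000) -> bool:
    """Recompute the hash of the input pattern and compare in constant time."""
    cand = hashlib.pbkdf2_hmac("sha256", encode(quantize(points), ordered),
                               salt, iterations)
    return hmac.compare_digest(cand, digest)


def pattern_space_bits(cols: int, rows: int, n_points: int,
                       ordered: bool = True) -> float:
    """log2 of the number of distinct cell patterns a guessing attacker must try."""
    cells = cols * rows
    if ordered:
        return n_points * math.log2(cells)          # cells^n sequences
    return math.log2(math.comb(cells, n_points))    # distinct cell sets, no repeats


if __name__ == "__main__":
    secret = [(22, 18), (98, 52), (189, 52)]          # constructed secret points
    salt, digest = enroll(secret)
    print(check([(25, 15), (95, 55), (185, 55)], salt, digest))   # True: same cells
    print(check([(22, 18), (101, 52), (189, 52)], salt, digest))  # False: crossed a cell edge
    print(round(pattern_space_bits(10, 5, 3), 2))                 # 16.93
```

Two caveats a deployment should weigh. The tolerance is cell-aligned rather than distance-based: points a few pixels apart on opposite sides of a cell boundary fail, while points at opposite corners of the same cell pass, so this accepts a different set of inputs than a distance-based region check does. And the pattern space is small (pattern_space_bits gives under 17 bits for three ordered points on a 10 by 5 grid), which is why the hash is salted and slow, and why the verifier still needs attempt limiting.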